This bill aims to strengthen cybersecurity measures within the state of Kansas by consolidating cybersecurity services under the leadership of the chief information security officer (CISO) for each branch of government. It amends several statutes, including K.S.A. Supp. 40-110, 75-413, 75-623, 75-710, 75-711, and 75-7203, and notably removes expiration provisions from existing cybersecurity legislation, ensuring that the responsibilities and requirements for cybersecurity remain in effect indefinitely. The CISO is tasked with developing a cybersecurity program that aligns with the National Institute of Standards and Technology's Cybersecurity Framework (CSF) 2.0, and mandates annual cybersecurity awareness training for all employees, with consequences for non-compliance.
Additionally, the bill establishes the positions of chief information security officers for both the judicial and legislative branches, who will oversee the implementation of cybersecurity protocols and conduct annual audits in collaboration with the United States Cybersecurity and Infrastructure Security Agency. It requires all justices, judges, legislators, and employees to complete annual cybersecurity training, with access to state-issued hardware revoked for those who do not comply. The legislation also integrates cybersecurity services across state government, mandates confidentiality for audit results, and ensures continued enforcement of cybersecurity provisions by repealing sections that previously included expiration dates. Overall, the bill seeks to enhance the cybersecurity posture of Kansas state government through clear roles, responsibilities, and compliance requirements.
Statutes affected: As Introduced: 40-110, 45-215, 75-413, 75-623, 75-710, 75-711, 75-7203, 75-7245, 75-7206a, 75-7208a, 76-711, 75-7246
As introduced: 40-110, 45-215, 75-413, 75-623, 75-710, 75-711, 75-7203, 75-7245, 75-7206a, 75-7208a, 76-711, 75-7246